MikroTik Inter-VLAN Access

By default, MikroTik allows inter-VLAN communication. If you are using VLANs for segmentation, this is probably not what you want. To disable it, add each VLAN's subnet to a firewall address list, then drop forwarded traffic whose source and destination are both in that list.

# One address-list entry per VLAN subnet, all in the same list
/ip firewall address-list
add list=VLAN address=10.10.10.0/24 comment="VLAN: 10"
add list=VLAN address=10.10.20.0/24 comment="VLAN: 20"
add list=VLAN address=10.10.30.0/24 comment="VLAN: 30"
# Drop (and log) routed traffic where both source and destination are VLAN subnets
/ip firewall filter
add action=drop chain=forward comment="DROP inter-VLAN access" dst-address-list=VLAN log=yes log-prefix=DROPInterVLAN src-address-list=VLAN

Since commands are executed and saved right away, you might want to use safe mode in case you get locked out.
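To check which flows the rule above actually covers, the following added example (not part of the original post) parses the address list from an export and models the single drop rule. The export text is constructed from the post's config, the function names are hypothetical, and 10.10.40.0/24 is an assumed extra VLAN used to show what happens when a subnet is missing from the list.

```python
import ipaddress
import re

# Constructed sample: the post's address list plus its drop rule (log options omitted).
EXPORT = """\
/ip firewall address-list
add list=VLAN address=10.10.10.0/24 comment="VLAN: 10"
add list=VLAN address=10.10.20.0/24 comment="VLAN: 20"
add list=VLAN address=10.10.30.0/24 comment="VLAN: 30"
/ip firewall filter
add action=drop chain=forward dst-address-list=VLAN src-address-list=VLAN
"""

def parse_address_lists(export):
    """Return {list name: [ip_network, ...]} from address-list 'add' lines."""
    lists, section = {}, None
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line  # remember which menu the following 'add' lines belong to
        elif section == "/ip firewall address-list" and line.startswith("add "):
            fields = dict(re.findall(r'(\S+?)=("[^"]*"|\S+)', line))
            net = ipaddress.ip_network(fields["address"], strict=False)
            lists.setdefault(fields["list"], []).append(net)
    return lists

def verdict(src, dst, lists, name="VLAN"):
    """Model the drop rule: it matches only when both ends are in the list.
    Assumption: hosts in the same subnet talk at layer 2, so their traffic
    never reaches the router's forward chain."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    nets = lists.get(name, [])
    if not (any(s in n for n in nets) and any(d in n for n in nets)):
        return "not matched"
    if any(s in n and d in n for n in nets):
        return "same-subnet"
    return "drop"

if __name__ == "__main__":
    lists = parse_address_lists(EXPORT)
    flows = [("10.10.10.5", "10.10.20.7"),   # VLAN 10 -> VLAN 20
             ("10.10.10.5", "8.8.8.8"),      # VLAN 10 -> internet
             ("10.10.40.5", "10.10.10.7"),   # assumed unlisted VLAN -> VLAN 10
             ("10.10.10.5", "10.10.10.9")]   # inside VLAN 10
    for src, dst in flows:
        print(f"{src} -> {dst}: {verdict(src, dst, lists)}")
```

The third flow is the case to watch for: a VLAN whose subnet was never added to the list is not matched by the drop rule, so it can still reach the others.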
